What does cyber insurance typically cover?

Pandemic or no pandemic--cyber insurance is a must-have. And, not just that, some of your clients may insist that you have cyber insurance coverage before they trust you with their data--especially if you are operating in the B2B market. Cyber insurance can break the fall in case you become the victim of a cyber attack or some gross malfunction that causes data loss. Here’s a list of things cyber insurance policies typically cover.

Forensic analysis

After a cybersecurity attack, you need to conduct a root cause analysis to identify what went wrong and where, so you can take corrective action to prevent the possibility of it repeating.

Notification expenses, penalties & lawsuits

Along with data breaches come a lot of liabilities including timely notification, fines, penalties, and perhaps even lawsuits for which you will need legal representation.

Revenue loss--direct and indirect

If your business is a victim of cybercrime, you will likely have to shut down your IT infrastructure for some time even as the issue is being resolved or contained. This downtime can cost you quite a bit in terms of lost sales and also employee productivity. Not to mention the damage to your business’s brand name which will have some effect on your sales revenue for at least a few months to come--and add to that the costs of employing a good PR agency to create some positive buzz around your brand to overcome the bitter taste left by the data breach incident.

Apart from the items covered above, which is more like a consequence of data loss, there are two big risks that cyber insurance policy can protect you against--cyber extortion and fund diversion.

Cyber extortion

Remember the WannaCry Ransomware incident that happened in 2017? Cybercriminals used a worm, a form of malware to infiltrate more than 200,000 target computers and freeze user’s access to the data therein. The losses caused by WannaCry are estimated to be in the range of billions of dollars. What would you do if someone held your data hostage or worse still threatened to leak it online? As a business owner, you have no choice but to pay up the ransom amount.

Fund diversion

This is another form of cyber attack, though not as obvious as cyber extortion. Fund diversion is when you or your staff accidentally end up diverting your business funds to a fraudster. For example, your accountant clicked on a phishing link that took them to a clone site of the bank where your company has its account, or they made a payment by clicking on a fraudulent email sent by a cybercriminal posing to be your vendor.

It is important to remember that cyber insurance is still NOT a replacement for cybersecurity. You cannot invest in a cyber insurance policy and not bother about putting data security measures in place. In fact, like any other insurance, cyber insurance will also have exclusions and any laxity on your part in terms of data security can cause your cover to become null and void. This is where a trusted managed services provider can be of help. An experienced MSP can help you pick the right cyber insurance policy based on your needs. They will be able to explain the exclusions clearly to you--in your terms and help you design and maintain the security mechanisms and processes necessitated by the cyber insurance policy.

Why does your business need cyber insurance?

The WFH model makes businesses much more vulnerable and easy targets for cybercriminals. Some of the reasons include

• A lot of people accessing their work data from home networks, which lacks high-level security
• The inability of businesses to monitor the work-related IT activities of their staff and,
• The use of personal devices by employees for work purposes

Businesses can overcome this challenge through a combination of tools and actions such as

• Installing anti-malware software
• Putting in firewalls to safeguard their work network
• Having clear and effective IT policies in place when operations are remote
• Providing staff with laptops or desktops to use for work purposes during the WFH phase
• Training employees to identify cyber threats and steer clear of them
• Educating employees on password hygiene and cybersecurity best practices

However, these measures are no guarantee that nothing will ever go wrong! When you lose data accidentally or, when your data is compromised or held ransom, your first thought would be to get access to your data and get your business back on its feet. Yes, you will want to call in for a trusted IT services provider to put your business back on track quickly. But, it is not that simple. If you don’t have a service level agreement with an IT service provider, it may be difficult to find one instantly and also, challenging to find someone who you can trust with your situation. Even if you do find someone, chances are, they will charge you exorbitant rates by the hour.

Cyber insurance typically covers direct and indirect costs arising from cybersecurity incidents. One malicious attachment could bring the whole IT infrastructure crashing down. And, if there’s a data breach where confidential information has been compromised, then you’d be looking at hefty compensation payouts. That is why you need cyber insurance. Cyber insurance is not something new, but it has never been so important as it is now.

WFH means more vulnerability to cybercrime

WFH means more vulnerability to cybercrime. Here are some methods to stay safe

WFH opens up whole new horizons in terms of flexibility, productivity, and cost savings. But, it also opens your business up a little more to cybercriminals, as you can’t have a hands-on approach to cybersecurity, especially if your employees are using their own devices for work. This blog discusses some mechanisms that you can use to mitigate the risks of becoming a victim of cybercrime in the WFH setup.

Multi-factor authentication

Instead of using a single password for data access, multi-factor authentication adds more layers to security. If WFH has your employees accessing their work computers remotely, then you simply cannot skip multifactor authentication. Multi-factor authentication works by confirming the identity of the user across 3 areas

1. What they know: Examples include asking for User IDs, passwords, answers to ‘secret questions’, verification of their date of birth, etc.
2. What they have: This includes physical tokens, access cards, OTPs sent via text or email, etc.
3. Who they are: This authentication mechanism includes biometric authentication such as retina scan, fingerprint, or voice recognition.

While the 3rd kind of authentication (who they are) may not be easy to implement in a WFH scenario, you can still use multi-factor authentication to include the first 2 options.

The Cloud

Using the Cloud to store your files presents a lot of advantages in the WFH environment. It certainly saves time and effort as files don’t have to be mailed back and forth, eliminates version control challenges, and ensures timely access to data. But, did you know that you can also leverage the Cloud to thwart security threats presented by the WFH scenario? The Cloud lets your employees work safely from anywhere and offers more safety than local data storage mechanisms. Any data in the Cloud is encrypted, which means it is not that easy to access confidential information as it would be when someone hacks a PC. Plus, the chances of data loss are almost zero. Unlike your employees storing work files on their computer, which can be lost or misused if their device malfunctions or is stolen or hacked into, any data put on the Cloud stays there.

Employee Training

Did you know that lack of knowledge is one of the major reasons behind companies and individuals becoming victims of cybercrime? All it takes is one wrong click to open the floodgates, and the only way to stop that from happening is to train your employees on cybersecurity best practices. Training will not only provide them with a clear set of do’s and don’ts but also help them identify situations where they may be a possible target. Training on cybersecurity best practices can cover a wide range of topics, but here are a few that should not be missedPassword hygiene

• What does a good password look like?
• Why is password sharing an absolute no-no?
• How to identify phishing attempts?
• Why is it important to install software updates and patches on a timely basis
• Data storage best practices
• The risks associated with public WiFi such as those at malls, coffee shops, or airports

You can also conduct mock drills and check who grasped these concepts right and who needs further training.

An experienced MSP can help you overcome the cybersecurity challenges propelled by the WFH scenario. They can put your mind at ease by taking care of everything--from anti-malware solutions to employee training, and beyond.

Data security in a WFH setup

Do you have staff working from home? With the pandemic still around, the answer to that question is most likely a “Yes”. And, that makes sense too, why risk the safety of your staff when you can operate equally well or even better with them working from the safety of their homes. But, did you know that the WFH model can put your data at risk? When you have your employees work remotely, inadvertently your data is more vulnerable to cybercrimes. However, there are solutions that help ensure the WFH environment is safe--for both your employees and your data. Let’s take a look at 2 of the most recommended ones.

Anti-malware tools

Any discussion about data security has to start with anti-malware applications. These applications keep your computers safe from viruses, worms, adware, and other malware. When your employees are working remotely, they are most likely to use their own devices such as their laptops or the desktop computers at their home. Plus, with the working schedules blurring, and the trend to “be there '' 24/7 catching on, personal devices used for work include smartphones and tablets as well. It could so happen that your employee’s devices are not up-to-date on the latest anti-malware software. These software programs do not come cheap and so your employees may not have them at all or maybe using an outdated or free version of the tool, which may not be of much help. So, one of the first things you should do as a company is to provide the latest version of powerful anti-malware software to your staff to install on their devices. Again, if they are using personal devices, you may not be able to make this mandatory, but considering it safeguards their private data as well, most will happily take advantage of this offer.

Firewalls

Firewalls protect your data by monitoring network traffic and allowing/blocking data exchange based on preset rules. For example, a firewall lets you dictate what websites can or cannot be accessed from a particular device, or what software programs may be installed, etc. Sounds great, doesn’t it? Using a firewall you can weed out the risk of your employees compromising your data security unwittingly by visiting unsecured places on the web. Firewalls also generate alerts for the system administrator if there’s an attempted breach. For example, someone tries to visit a site that has been firewalled. But, there’s a caveat. You can only install a firewall on company property, that is, if you are providing your employees with laptops or desktops to use for work purposes. You can’t Firewall your employee’s devices that they are using to access work files when operating from home.

As you can see, deploying data security software in a WFH environment can be tricky. Consult with an MSP who specializes in cybersecurity, data protection, recovery and backup to learn what are your options and how best to implement them.